CVE-2026-23326

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix fragment node deletion to prevent buffer leak

After commit b692bf9a7543 ("xsk: Get rid of xdpbuffxsk::xskblistnode"), the list_node field is reused for both the xskb pool list and the buffer free list, this causes a buffer leak as described below.

xpfree() checks if a buffer is already on the free list using listempty(&xskb->listnode). When listdel() is used to remove a node from the xskb pool list, it doesn't reinitialize the node pointers. This means listempty() will return false even after the node has been removed, causing xpfree() to incorrectly skip adding the buffer to the free list.

Fix this by using listdelinit() instead of listdel() in all fragment handling paths, this ensures the list node is reinitialized after removal, allowing the listempty() to work correctly.